JP5475526B2 - Maintenance terminal and maintenance terminal system using the maintenance terminal - Google Patents


Info

Publication number: JP5475526B2
Authority: JP (Japan)
Prior art keywords: maintenance, terminal, file, network, maintenance terminal
Legal status: Expired - Fee Related
Application number: JP2010085749A
Other languages: Japanese (ja)
Other versions: JP2011216041A
Inventors: 典宏 長徳, 明彦 渡邊, 淳 井上, 篤志 扇谷, 武 植田
Original assignee: 三菱電機ビルテクノサービス株式会社, 三菱電機株式会社
Application filed by: 三菱電機ビルテクノサービス株式会社, 三菱電機株式会社

Description

  The present invention relates to a maintenance terminal that can be connected to both an in-house network and a maintenance site network, and a maintenance terminal system that uses the maintenance terminal.
In a maintenance terminal, and a maintenance terminal system including it, that is used on both the in-house network and the maintenance site network outside the company, the in-house applications and in-house data used on the in-house network and the maintenance site applications and maintenance site data used on the maintenance site network are used on the same terminal. As a result, in-house applications and in-house data that are not used at the maintenance site are taken out when working at the maintenance site (see, for example, Patent Document 1).
In addition, if the maintenance terminal and maintenance terminal system are implemented as a so-called thin client, in which keyboard and mouse operations are sent from the maintenance terminal to a server, the server performs processing according to the operation, and only the screen data is transferred to the maintenance terminal, it is not necessary to store applications and data on the hard disk of the maintenance terminal even when it is taken outside for use on the maintenance site network (see, for example, Patent Document 2).
Patent Document 1: JP 2008-077600 A
Patent Document 2: JP 2008-077413 A
  However, even if the entire hard disk or in-house data of the maintenance terminal is encrypted, there is a security risk because the encrypted data may be leaked if the maintenance terminal is lost or stolen.
In addition, a maintenance terminal implemented as a thin client requires an always-connected environment in which a high-speed line such as broadband or mobile broadband can be used on the maintenance site network, and this is difficult to apply to all maintenance sites.
The present invention has been made to solve the above-described problems. Its object is to obtain a maintenance terminal, and a maintenance terminal system that uses the maintenance terminal, in which the in-house application and in-house data used on the in-house network and the maintenance site application and maintenance site data used on the maintenance site network are used on the same terminal, in-house data is prevented from being taken out so that the security risk is reduced, and the maintenance site application and maintenance site data can still be used.
The maintenance terminal according to the present invention is a maintenance terminal that accesses in-house data and maintenance data by connecting mutually exclusively to the in-house network and the maintenance site network. It is provided with a maintenance terminal management unit that permits activation of either the in-house terminal virtual machine or the maintenance terminal virtual machine when it detects that it is connected to the in-house network, permits activation of the maintenance terminal virtual machine when it detects that it is connected to the maintenance site network, and prohibits starting virtual machines.
In the maintenance terminal system according to the present invention, in the maintenance terminal that accesses in-house data and maintenance data, the file storage destination of in-house data is the file server of the in-house network, which can be trusted. This prevents information from being taken out of the company and has the effect of reducing the risk of leakage.
Also, in the maintenance terminal that accesses in-house data and maintenance data, execution of the maintenance terminal virtual machine including the maintenance application is permitted only in locations where network connection to the in-house network or the maintenance site network is permitted, and the storage destination of maintenance data files is only the encryption area. This has the effect of ensuring availability as a maintenance terminal while reducing the risk of information leakage.
FIG. 1 is a configuration diagram of a maintenance terminal system according to the present invention.
FIG. 2 is a data area configuration diagram of the file server.
FIG. 3 is a configuration diagram of the terminal mode determination / switching information table.
FIG. 4 is a configuration diagram of the file server area switching table.
FIG. 5 is a configuration diagram of the file monitoring control information table.
FIG. 6 is a flowchart showing the procedure for connecting to the in-house network and starting the maintenance terminal.
FIG. 7 is the input screen for authentication information for connecting the maintenance terminal to the network.
FIG. 8 is the selection screen for selecting the in-house terminal virtual machine or the maintenance terminal virtual machine on a maintenance terminal connected to the in-house network.
FIG. 9 is a flowchart showing the procedure for using the in-house terminal virtual machine of a maintenance terminal connected in-house to the in-house network.
FIG. 10 is a flowchart showing the procedure for using the maintenance terminal virtual machine of a maintenance terminal connected in-house to the in-house network.
FIG. 11 is the screen for specifying a file to be taken to the maintenance site.
FIG. 12 is a flowchart showing the procedure by which a maintenance terminal connected in-house to the in-house network monitors the file server.
FIG. 13 is a flowchart showing the procedure for deleting files when the maintenance terminal is not connected to the in-house network.
FIG. 14 is a flowchart showing the procedure for connecting to the maintenance site network and starting the maintenance terminal.
FIG. 15 is a flowchart showing the procedure for using the maintenance terminal virtual machine of a maintenance terminal connected to the maintenance site network at the maintenance site.
FIG. 16 is a flowchart showing the procedure for storing in-house data in the maintenance terminal and taking it out.
FIG. 17 is the screen for designating files in the in-house data area to be taken to the maintenance site.
FIG. 18 is the screen for approving the taking out of files in the in-house data area to the maintenance site.
FIG. 19 shows the contents of the file history recorded in the approval terminal.
Hereinafter, preferred embodiments of a maintenance terminal according to the present invention will be described with reference to the drawings.
FIG. 1 is a configuration diagram of a maintenance terminal system according to the present invention.
The maintenance terminal 1 according to the present invention is used by being connected mutually exclusively to an in-house network 2 inside the company and a maintenance site network 3 outside the company. Inside the company, it connects to the in-house network 2 and executes the in-house application 4 and the maintenance application 5; outside the company, it connects to the maintenance site network 3 and executes the maintenance application 5.
The site system 11 includes a network authentication device 12 that performs authentication when the maintenance terminal 1 connects to the maintenance site network 3, an elevator monitoring device 14 that monitors the elevator device 13, and ancillary equipment such as a monitoring recorder 15 that performs video monitoring of the surroundings of the elevator device 13.
The in-house system 21 includes a network authentication device 22 that performs authentication when the maintenance terminal 1 connects to the in-house network 2, a file server 23 that stores application files of the maintenance terminal 1, a remote monitoring server 24 that receives the elevator monitoring status from the elevator monitoring device 14, and an approval terminal 25 that performs approval and history recording for file movement on the file server 23.
The elevator monitoring device 14 and the remote monitoring server 24 are connected through the remote monitoring line 6, over which the elevator monitoring device 14 reports abnormalities of the site system 11, including the elevator.
The maintenance terminal 1 includes a maintenance terminal management unit 31, an in-house terminal virtual machine 32, and a maintenance terminal virtual machine 33.
The in-house terminal virtual machine 32 includes an in-house application 4, an OS 34, a virtual network unit 35, and a virtual file system unit 36, and is an environment for executing the in-house application 4 used in the company.
The maintenance terminal virtual machine 33 includes a maintenance application 5, an OS 37, a virtual network unit 38, and a virtual file system unit 39, and is an environment for executing the maintenance application 5 used at the maintenance site.
The maintenance terminal management unit 31 includes: a network interface 48 for, for example, LAN connection with the in-house system 21 or the site system 11; a network authentication unit 41 that performs authentication when connecting to the network authentication devices 12 and 22; a terminal mode switching unit 42 that, according to the authentication result, determines that the terminal operates in-house when connected to the in-house network 2 and operates at the maintenance site when connected to the maintenance site network 3; a virtual machine activation unit 49 that activates either the in-house terminal virtual machine 32 or the maintenance terminal virtual machine 33 when in-house operation is determined, and activates the maintenance terminal virtual machine 33 when maintenance-site operation is determined; a network access control unit 43 that, according to the determination result of the terminal mode switching unit 42, routes network access from the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33 to the in-house network 2 or the maintenance site network 3, or prohibits it; and a file access control unit 44 that, according to the determination result of the terminal mode switching unit 42, routes file access to the file server 23 or the encryption area 45, or prohibits it.
Further, the maintenance terminal management unit 31 includes a file monitoring control unit 46 that deletes the files in the encryption area 45 when the time during which connection with the in-house network 2 is not detected exceeds a predetermined first time, and deletes the files of the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33 when that time exceeds a predetermined second time longer than the first time; and a suspicious terminal flag 47 that becomes true when the files in the encryption area 45 are deleted and that, when the elevator monitoring device 14 detects that it is true upon connection to the maintenance site network 3, causes an abnormality to be reported to the remote monitoring server 24.
Note that a thin client server may be installed on the in-house network 2 and the in-house terminal virtual machine may be a thin client.
In the encryption area 45, data files taken out on the maintenance terminal 1 are stored in encrypted form. Tool execution files and document files for maintenance work are also stored there.
  The network interface 48 can be a wired LAN or a wireless LAN. In the case of a wired LAN, the network authentication devices 12 and 22 connect / disconnect the network by a LAN switch or VLAN. In the case of a wireless LAN, the network is connected / blocked by wireless LAN authentication.
FIG. 2 is a data area configuration diagram of the file server 23.
The file server 23 includes an in-house data area 51 that records data files, OA tool execution files, and document files used internally; a maintenance data area 52 that records data files, maintenance tool execution files, and document files used internally; a maintenance data download area 54 that records data files, maintenance tool execution files, and document files to be taken out to the maintenance terminal 1; and a maintenance data upload area 53 that records data files, maintenance tool execution files, and document files read from the maintenance terminal 1.
The in-house data area 51 can be accessed from the in-house application 4 of the in-house terminal virtual machine 32, the maintenance data area 52 from the maintenance application 5 of the maintenance terminal virtual machine 33, and the maintenance data upload area 53 and the maintenance data download area 54 from the file access control unit 44 of the maintenance terminal management unit 31. When the file access control unit 44 detects that the terminal is connected to the in-house network 2, it moves the files in the encryption area 45 to the maintenance data upload area 53 (referred to as upload). When, while connected to the in-house network 2, it detects that a file exists in the maintenance data download area 54, it moves that file to the encryption area 45 (referred to as download).
FIG. 3 is a configuration diagram of the terminal mode determination / switching information table.
The terminal mode switching unit 42 includes a terminal mode determination / switching information table. The table shows the correspondence between the identified network and the terminal mode, the terminal virtual machine that is permitted to execute in that mode, and the permitted file access.
In accordance with the terminal mode determination / switching information table, if the network authenticated by the network authentication unit 41 is the in-house network 2, the terminal mode switching unit 42 sets the file access destination of the file access control unit 44 to the file server 23 and sets the virtual machine activation unit 49 to activate either the in-house terminal virtual machine 32 or the maintenance terminal virtual machine 33. The terminal mode matches the virtual machine started by the virtual machine activation unit 49. If the network authenticated by the network authentication unit 41 is the maintenance site network 3, the terminal mode switching unit 42 sets the file access destination of the file access control unit 44 to the encryption area 45 and sets the virtual machine activation unit 49 to activate the maintenance terminal virtual machine 33.
Further, when the network authentication unit 41 can authenticate neither the in-house network 2 nor the maintenance site network 3, the file access control unit 44 is set to prohibit file access, and the virtual machine activation unit 49 is set not to permit activation of any virtual machine.
FIG. 4 is a configuration diagram of the file server area switching table.
The file access control unit 44 is provided with a file server area switching information table. The table indicates the path setting of the file access destination in the file server 23 according to the terminal mode when connected to the in-house network 2.
According to the file server area switching table, when the terminal mode is the in-house terminal, the file access control unit 44 directs file access from the in-house terminal virtual machine 32 to the in-house data area 51 of the file server 23. When the terminal mode is the maintenance terminal, file access from the maintenance terminal virtual machine 33 is directed to the maintenance data area 52, uploads by the file access control unit 44 to the maintenance data upload area 53, and downloads by the file access control unit 44 to the maintenance data download area 54.
FIG. 5 is a configuration diagram of the file monitoring control information table.
The file monitoring control unit 46 includes a file monitoring control information table. The file monitoring control information table holds a suspicious timer, which indicates the first time, after which the files in the encryption area 45 are deleted, and a terminal virtual machine deletion timer, which indicates the second time, after which the files of the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33 are deleted.
FIG. 6 is a flowchart showing a procedure for starting the maintenance terminal 1 by connecting to the in-house network 2.
When the maintenance staff connects the maintenance terminal 1 to the in-house system 21 and activates the maintenance terminal 1, the maintenance terminal management unit 31 of the maintenance terminal 1 is activated, starts file monitoring, and starts monitoring the network connection status in order to determine whether to start the in-house terminal virtual machine 32 or the maintenance terminal virtual machine 33. As shown in FIG. 7, the maintenance terminal 1 displays a screen that prompts input of authentication information.
When a maintenance person inputs a user name and password as network authentication information, network authentication is started and network authentication is performed by the network authentication device 22 of the in-house system 21. Although the user name and password are input from the keyboard of the maintenance terminal 1, the authentication information may be stored in an IC card and the IC card may be read by an IC card reader.
The terminal mode switching unit 42 permits the network access control unit 43 to connect to the in-house network 2 because the maintenance terminal 1 is connected to the in-house network 2. Because the terminal is connected to the in-house network 2, the file monitoring control unit 46 clears the suspicious terminal flag 47, extends the suspicious timer and the terminal virtual machine deletion timer in the file monitoring control information table each by a predetermined time, and resets them. The terminal mode switching unit 42 sets the file access control unit 44 to access the file server 23. When the file access control unit 44 uploads the files in the encryption area 45 to the maintenance data upload area 53, the file server 23 moves the files in the maintenance data upload area 53 to the maintenance data area 52.
The file access control unit 44 notifies the approval terminal 25 that the files in the encryption area 45 have been uploaded to the file server 23. Upon receiving the upload notification, the approval terminal 25 records the history. The file access control unit 44 then starts monitoring the file server 23 so that a file is downloaded to the encryption area 45 when one is present in the maintenance data download area 54.
Next, when the terminal mode switching unit 42 recognizes the connection to the in-house network 2, the maintenance terminal 1 displays a screen for selecting a terminal environment to be activated as shown in FIG. The maintenance staff selects either the in-house terminal environment or the maintenance terminal environment. If there is a high possibility of working on the in-house terminal virtual machine 32 when connected to the in-house network 2, for example, the in-house terminal environment is automatically selected after 15 seconds.
According to the selected in-house terminal environment or maintenance terminal environment, the virtual machine activation unit 49 activates the in-house terminal virtual machine 32 or the maintenance terminal virtual machine 33.
FIG. 9 is a flowchart showing a procedure for using the in-house terminal virtual machine 32 of the maintenance terminal 1 connected to the in-house network 2 in the company.
When the in-house terminal virtual machine 32 is activated, the in-house application 4 is activated. The maintenance staff operates the in-house application 4 to execute a desired job. When the in-house application 4 needs file access processing, the file access control unit 44 processes the file access using as the access destination the file server 23, which the terminal mode switching unit 42 has designated according to the terminal mode determination / switching information table.
When the maintenance staff completes the desired job and terminates the use of the maintenance terminal 1, the in-house terminal virtual machine 32 is instructed to shut down, and the OS (operating system) 34 is shut down in accordance with the instruction.
FIG. 10 is a flowchart showing a procedure for using the maintenance terminal virtual machine 33 of the maintenance terminal 1 connected to the in-house network 2 in the company.
When the maintenance terminal virtual machine 33 is activated, the maintenance application 5 is activated. Then, the maintenance person operates the maintenance application 5 to execute a desired job. When the maintenance application 5 needs file access processing, the file access control unit 44 processes the file access using as the access destination the file server 23, which the terminal mode switching unit 42 has designated according to the terminal mode determination / switching information table.
When the maintenance person operates the maintenance application 5 to take a file stored in the maintenance data area 52 of the file server 23 out to the maintenance site, a screen for specifying the file to be taken out to the maintenance site is displayed as shown in FIG., and the maintenance person specifies the file.
The maintenance application 5 instructs the file server 23, through the file access control unit 44, to move the designated file, and the file server 23 moves the designated file from the maintenance data area 52 to the maintenance data download area 54. The file access control unit 44 then moves the file stored in the maintenance data download area 54 to the encryption area 45, as shown in the flowchart of FIG. 12, which shows the procedure by which the maintenance terminal 1 connected in-house to the in-house network 2 monitors the file server 23.
  When the maintenance staff completes the desired job and terminates the use of the maintenance terminal 1, a shutdown instruction is issued to the maintenance terminal virtual machine 33, and the OS 37 is shut down in accordance with the instruction.
FIG. 12 is a flowchart showing a procedure for monitoring the file server 23 by the maintenance terminal 1 connected to the in-house network 2 in the company.
When the file access destination is designated as the file server 23, the file access control unit 44 starts monitoring the file server 23, which includes monitoring the maintenance data download area 54 of the file server 23. In monitoring the maintenance data download area 54, it asks the file server 23 to check whether there is a file in the maintenance data download area 54, and when there is a file, the file is downloaded to the encryption area 45. The file server 23 moves the file from the maintenance data download area 54 to the maintenance terminal 1 and then deletes the file from the maintenance data download area 54.
  When the file access control unit 44 downloads a file from the maintenance data download area 54 of the file server 23 to the encryption area 45, the file access control unit 44 transmits an identification symbol of the downloaded file to the approval terminal 25. The approval terminal 25 records a history of files downloaded from the in-house system 21.
FIG. 13 is a flowchart showing a procedure for deleting a file when the maintenance terminal 1 is not connected to the in-house network 2.
The file monitoring control unit 46 starts measuring time from the point at which the maintenance terminal 1 is no longer connected to the in-house network 2. It then determines whether there is a file in the encryption area 45. If there is a file in the encryption area 45, it determines whether the suspicious timer has been exceeded. When the suspicious timer has been exceeded, the suspicious terminal flag 47 is set; when it has not, timing continues.
When the suspicious terminal flag 47 is set, or there is no file in the encryption area 45, it is determined whether there is a file in the in-house terminal virtual machine 32 or the maintenance terminal virtual machine 33. If there is, it is determined whether the measured time has exceeded the terminal virtual machine deletion timer. When the terminal virtual machine deletion timer has been exceeded, the files of the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33 are deleted.
FIG. 14 is a flowchart showing a procedure for connecting to the maintenance site network 3 and activating the maintenance terminal 1.
When the maintenance staff connects the maintenance terminal 1 to the site system 11 and activates the maintenance terminal 1, the maintenance terminal management unit 31 of the maintenance terminal 1 is activated and starts file monitoring and network monitoring. As shown in FIG. 7, the maintenance terminal 1 displays a screen that prompts input of authentication information.
When a maintenance person inputs a user name and a password as network authentication information, network authentication is started and is performed by the network authentication device 12 of the site system 11.
The terminal mode switching unit 42 permits the network access control unit 43 to connect to the maintenance site network 3 because the maintenance terminal 1 is connected to the maintenance site network 3. For the same reason, the terminal mode switching unit 42 sets the file access control unit 44 to local access. The file monitoring control unit 46 transmits the value of the suspicious terminal flag 47 to the terminal mode switching unit 42 and the elevator monitoring device 14. The terminal mode switching unit 42 stops the maintenance terminal 1 when the suspicious terminal flag 47 is true. When the suspicious terminal flag 47 is false, it instructs the virtual machine activation unit 49 to start, and the virtual machine activation unit 49 activates the maintenance terminal virtual machine 33.
When the elevator monitoring device 14 receives information that the suspicious terminal flag 47 is true, it reports to the remote monitoring server 24 an abnormality indicating that a suspicious terminal has been found.
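The terminal mode table of FIG. 3, the two deletion timers of FIG. 5 and FIG. 13, and the suspicious-terminal check at site start-up described above can be modelled together. The following Python model is an added example, not code from the patent; the class, field and file names and the hour values are assumptions, and the timer extension on in-house connection is simplified to resetting the elapsed offline time.

```python
from dataclasses import dataclass, field
from enum import Enum


class Network(Enum):
    IN_HOUSE = "in-house network 2"
    SITE = "maintenance site network 3"
    NONE = "no network authenticated"


# Terminal mode determination / switching table as the description states it:
# authenticated network -> (virtual machines that may start, file access destination).
MODE_TABLE = {
    Network.IN_HOUSE: (("in_house_vm", "maintenance_vm"), "file_server"),
    Network.SITE: (("maintenance_vm",), "encryption_area"),
    Network.NONE: ((), None),
}


@dataclass
class TerminalManager:
    """Model of maintenance terminal management unit 31 (all names are illustrative)."""
    suspicious_timer_h: float    # first time, in hours (constructed value)
    vm_deletion_timer_h: float   # second time, must be longer than the first
    encryption_area: set = field(default_factory=set)
    vm_files: set = field(
        default_factory=lambda: {"in_house_vm.img", "maintenance_vm.img"})
    suspicious_flag: bool = False
    offline_h: float = 0.0

    def __post_init__(self):
        if self.vm_deletion_timer_h <= self.suspicious_timer_h:
            raise ValueError("second time must be longer than the first time")

    def elapse_offline(self, hours):
        """File monitoring while the in-house network is not detected (FIG. 13)."""
        self.offline_h += hours
        events = []
        # First time exceeded with files present: delete them and set flag 47.
        if self.encryption_area and self.offline_h > self.suspicious_timer_h:
            self.encryption_area.clear()
            self.suspicious_flag = True
            events.append("encryption_area_deleted")
        # Flag set, or nothing was taken out: check the VM deletion timer.
        if ((self.suspicious_flag or not self.encryption_area)
                and self.vm_files and self.offline_h > self.vm_deletion_timer_h):
            self.vm_files.clear()
            events.append("vm_files_deleted")
        return events

    def connect(self, network):
        """Apply the mode table after network authentication (FIG. 6, FIG. 14)."""
        vms, file_dest = MODE_TABLE[network]
        result = {"vms": vms, "file_access": file_dest,
                  "uploaded": [], "abnormality_reported": False}
        if network is Network.IN_HOUSE:
            # Upload the encryption area, clear flag 47, restart the timers.
            result["uploaded"] = sorted(self.encryption_area)
            self.encryption_area.clear()
            self.suspicious_flag = False
            self.offline_h = 0.0
        elif network is Network.SITE and self.suspicious_flag:
            # Terminal is stopped; the elevator monitoring device reports it.
            result.update(vms=(), file_access=None, abnormality_reported=True)
        return result


if __name__ == "__main__":
    t = TerminalManager(72, 240, encryption_area={"site_report.dat"})
    print(t.elapse_offline(96), t.connect(Network.SITE))
```

Note that a terminal with nothing in its encryption area never sets the flag, yet still loses its virtual machine files once the second time is exceeded.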
FIG. 15 is a flowchart showing a procedure for using the maintenance terminal virtual machine 33 of the maintenance terminal 1 connected to the maintenance site network 3 at the maintenance site.
When the maintenance terminal virtual machine 33 is activated, the maintenance application 5 is activated. Then, the maintenance person operates the maintenance application 5 to execute a desired job. When the maintenance application 5 needs file access processing, the file access control unit 44 processes the file access using as the access destination the encryption area 45, which the terminal mode switching unit 42 has designated according to the terminal mode determination / switching information table.
Further, when the maintenance application 5 needs to access the elevator monitoring device, the network access control unit 43 relays the access to the elevator monitoring device 14 on the maintenance site network 3, to which connection is permitted, and the elevator monitoring device access is processed.
When the maintenance staff completes the desired job and terminates the use of the maintenance terminal 1, a shutdown instruction is issued to the maintenance terminal virtual machine 33, and the OS 37 is shut down in accordance with the instruction.
FIG. 16 is a flowchart showing a procedure for storing an in-house data file in the maintenance terminal 1 and taking it out.
The maintenance terminal 1 is connected to the in-house network 2, the in-house terminal virtual machine 32 is started, and then the in-house application 4 is started.
Next, the maintenance staff instructs that a file of in-house data stored in the in-house data area 51 of the file server 23 be taken out to the maintenance site. At this time, a screen as shown in FIG. 17 is displayed on the maintenance terminal 1, and the maintenance staff checks and designates the file to be taken out.
Then, a screen as shown in FIG. 18 is displayed on the approval terminal 25, and the administrator inputs whether to approve or reject. When the administrator approves file export, the approved file is recorded in the approval terminal 25.
If the administrator approves, the file access control unit 44 instructs the file server 23 to move the file, and the file server 23 moves the corresponding file in the in-house data area 51 to the maintenance data download area 54. Then, the file access control unit 44 moves the file from the maintenance data download area 54 of the file server 23 to the encryption area 45, as shown in the flowchart of the procedure by which the maintenance terminal 1 connected in-house to the in-house network 2 monitors the file server 23, shown in FIG.
When the maintenance staff completes the desired job and finishes using the maintenance terminal 1, a shutdown instruction is issued to the in-house terminal virtual machine 32, and the OS 34 is shut down in accordance with the instruction.
FIG. 19 shows the contents of the file history recorded in the approval terminal 25.
Entries are added to this history by notifications from the maintenance terminal management unit 31 to the approval terminal 25. The date and time is when the processing of the file occurred, the user name is the user name that was network-authenticated on the maintenance terminal 1, the maintenance terminal name is the name of the maintenance terminal 1, and the processing content is the processing performed on the file (one of: approval and move from the in-house data area 51 to the maintenance data download area 54; move from the maintenance data download area 54 to the encryption area 45 of the maintenance terminal management unit 31; or move from the encryption area 45 of the maintenance terminal management unit 31 to the maintenance data upload area 53). The file name is the name of the file that was processed.
In the maintenance terminal system according to the present invention, for the maintenance terminal 1 that accesses both in-house data and maintenance data, the file storage destination of the in-house data is the file server 23 of the trusted in-house network 2. This deters in-house data from being taken out of the company by mistake or illicitly, and so reduces the risk of information leakage.
Further, in the maintenance terminal 1 that accesses the in-house data and the maintenance data, execution of the maintenance terminal virtual machine 33 containing the maintenance application 5 is permitted only in places where a network connection to the in-house network 2 or the maintenance site network 3 is possible, and the only file storage destination for maintenance data on the maintenance site network 3 is the encryption area 45. Availability as the maintenance terminal 1 is therefore ensured while the risk of information leakage is reduced.
  In addition, the maintenance terminal 1 runs the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33 so that access to the in-house data and to the maintenance data is restricted to the respective virtual machine, and the user must explicitly take in-house data out to the maintenance site. This makes it difficult for in-house data to be taken on site through an erroneous operation.
  Further, the approval terminal 25 monitors the files in the maintenance data download area 54 of the file server 23, detects changes in file information and the like, and checks whether the content of a file contains a predetermined keyword. In addition, by regularly checking whether any files have been taken out for a long time, it can find unauthorized take-out, undesired take-out, long-duration take-out, and the like.
  In addition, since processed files are recorded in the file history of the approval terminal 25, the files to be searched are limited, and because file contents are inspected with a file change as the trigger, the inspection can be sped up. The only item checked periodically is the file update date and time, so that check can also be executed at high speed.
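The two-tier check described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the keyword list, the seven-day limit, and the use of the update time as the "file information" that signals a change are all assumptions, and the sample files are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed values: the description names neither the keywords nor the limit.
KEYWORDS = ("confidential", "internal use only")
MAX_TAKEOUT = timedelta(days=7)

@dataclass
class FileInfo:
    name: str
    updated: datetime   # file update date and time in download area 54
    content: str

@dataclass
class ApprovalMonitor:
    history: set                               # file names in the file history
    seen: dict = field(default_factory=dict)   # name -> last observed update time

    def content_check(self, files):
        """Scan content only for history files whose file information changed."""
        alerts = []
        for f in files:
            if f.name not in self.history or self.seen.get(f.name) == f.updated:
                continue   # outside the search scope, or unchanged since last poll
            self.seen[f.name] = f.updated
            hits = [k for k in KEYWORDS if k in f.content.lower()]
            if hits:
                alerts.append((f.name, hits))
        return alerts

    def periodic_check(self, files, now):
        """Cheap periodic pass: compares only the update date and time."""
        return [f.name for f in files
                if f.name in self.history and now - f.updated > MAX_TAKEOUT]

def demo():
    now = datetime(2024, 1, 20, 9, 0)          # constructed sample data
    files = [
        FileInfo("elevator_spec.txt", datetime(2024, 1, 19), "Door timing table"),
        FileInfo("price_list.txt", datetime(2024, 1, 18), "CONFIDENTIAL price list"),
        FileInfo("old_manual.txt", datetime(2024, 1, 2), "Maintenance manual"),
    ]
    mon = ApprovalMonitor(history={f.name for f in files})
    first = mon.content_check(files)    # every file is new, so all are scanned
    second = mon.content_check(files)   # nothing changed, so nothing is rescanned
    return first, second, mon.periodic_check(files, now)
```

The second poll returns no alerts because no update time changed, which is the saving the description attributes to change-triggered inspection.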
  Further, when a first time has elapsed since the maintenance terminal 1 was last connected to the in-house network 2, the file monitoring control unit 46 deletes the files in the encryption area 45, and when a second time, longer than the first time, has elapsed, it deletes the files of the in-house terminal virtual machine 32 and the maintenance terminal virtual machine 33. Execution of the maintenance application 5 and reference to company confidential information on a terminal that has not been brought back to the company for a long time can thereby be restricted. As a result, leakage when the terminal is stolen or lost can be prevented, and the maintenance terminal 1 can be prevented from being diverted to other uses.
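The terminal-side rules (which virtual machine may start on which network, where maintenance files are stored, and the two-stage deletion) can be modelled as below. This is an added example, not code from the patent: the function and field names and the 3-day and 14-day thresholds are assumptions, and the model never clears the suspicious terminal flag because the text here does not say when it is reset.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

class Net(Enum):
    IN_HOUSE = "in-house network 2"
    SITE = "maintenance site network 3"
    NONE = "no network detected"

# Constructed thresholds: the description only requires FIRST < SECOND.
FIRST = timedelta(days=3)
SECOND = timedelta(days=14)

@dataclass
class Terminal:
    last_in_house: datetime          # last detected in-house connection
    encrypted_files: bool = True     # contents of encryption area 45
    vm_files: bool = True            # files of virtual machines 32 and 33
    suspicious_flag: bool = False    # suspicious terminal flag 47

def allowed_vms(net):
    """Virtual machines the management unit 31 permits to start."""
    if net is Net.IN_HOUSE:
        return {"in-house", "maintenance"}
    if net is Net.SITE:
        return {"maintenance"}       # in-house terminal VM 32 is prohibited
    return set()                     # no VM runs without either network

def file_destination(net):
    """File access destination of the maintenance terminal VM 33."""
    return {Net.IN_HOUSE: "file server 23", Net.SITE: "encryption area 45"}.get(net)

def retention_tick(t, now):
    """Timer check by the file monitoring control unit 46."""
    elapsed, actions = now - t.last_in_house, []
    if elapsed > FIRST and t.encrypted_files:
        t.encrypted_files = False
        t.suspicious_flag = True     # records that the area was wiped
        actions.append("delete encryption area files")
    if elapsed > SECOND and t.vm_files:
        t.vm_files = False
        actions.append("delete VM files")
    return actions

def abnormal_report(t, net):
    """Elevator monitoring device 14 reports to remote monitoring server 24."""
    return net is Net.SITE and t.suspicious_flag
```

Calling `retention_tick` again after a stage has fired returns an empty list, so each deletion and the flag change happen once per absence.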
  1 maintenance terminal, 2 in-house network, 3 maintenance site network, 4 in-house application, 5 maintenance application, 6 remote monitoring line, 11 on-site system, 12 network authentication device, 13 elevator device, 14 elevator monitoring device, 15 monitoring recorder, 21 in-house system, 22 network authentication device, 23 file server, 24 remote monitoring server, 25 approval terminal, 31 maintenance terminal management unit, 32 in-house terminal virtual machine, 33 maintenance terminal virtual machine, 34 OS, 35 virtual network unit, 36 virtual file system unit, 37 OS, 38 virtual network unit, 39 virtual file system unit, 41 network authentication unit, 42 terminal mode switching unit, 43 network access control unit, 44 file access control unit, 45 encryption area, 46 file monitoring control unit, 47 suspicious terminal flag, 48 network interface, 49 virtual machine starting unit, 51 in-house data area, 52 maintenance data area, 53 maintenance data upload area, 54 maintenance data download area.

Claims (6)

  1. A maintenance terminal that accesses in-house data and maintenance data by connecting exclusively to either an in-house network or a maintenance site network,
    the maintenance terminal comprising a maintenance terminal management unit that, when connection to the in-house network is detected, permits starting either an in-house terminal virtual machine or a maintenance terminal virtual machine, and, when connection to the maintenance site network is detected, permits starting the maintenance terminal virtual machine and prohibits starting the in-house terminal virtual machine.
  2. The maintenance terminal according to claim 1, wherein the maintenance terminal management unit, when executing the maintenance terminal virtual machine, sets the file access destination to a file server connected to the in-house network when connection to the in-house network is detected, and sets the file access destination to an encryption area when connection to the maintenance site network is detected.
  3. The maintenance terminal according to claim 2, wherein the maintenance terminal management unit deletes the files in the encryption area when the time during which connection to the in-house network is not detected exceeds a predetermined first time, and deletes the files of the in-house terminal virtual machine and the maintenance terminal virtual machine when the time during which connection to the in-house network is not detected exceeds a predetermined second time that is longer than the first time.
  4. A maintenance terminal system, wherein a file server connected to the in-house network has a first area and a second area accessible from the maintenance terminal virtual machine of the maintenance terminal according to any one of claims 1 to 3,
    and the maintenance terminal comprises a maintenance terminal management unit that, when connection to the in-house network is detected, moves the files in the encryption area to the first area and moves the files in the second area to the encryption area.
  5. The maintenance terminal system according to claim 4, wherein the maintenance terminal management unit includes a suspicious terminal flag indicating that the files in the encryption area have been deleted,
    and an elevator monitoring device connected to the maintenance site network to which the maintenance terminal is connected makes an abnormality report to the remote monitoring server when it detects that the suspicious terminal flag is true.
  6. The maintenance terminal system according to claim 4 or 5, further comprising an approval terminal that approves the movement when a file stored in the file server is to be moved to the encryption area of the maintenance terminal, and records a history of the moved file when the movement is approved.
JP2010085749A 2010-04-02 2010-04-02 Maintenance terminal and maintenance terminal system using the maintenance terminal Expired - Fee Related JP5475526B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010085749A JP5475526B2 (en) 2010-04-02 2010-04-02 Maintenance terminal and maintenance terminal system using the maintenance terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010085749A JP5475526B2 (en) 2010-04-02 2010-04-02 Maintenance terminal and maintenance terminal system using the maintenance terminal

Publications (2)

Publication Number Publication Date
JP2011216041A JP2011216041A (en) 2011-10-27
JP5475526B2 (en) 2014-04-16

Family

ID=44945666

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2010085749A Expired - Fee Related JP5475526B2 (en) 2010-04-02 2010-04-02 Maintenance terminal and maintenance terminal system using the maintenance terminal

Country Status (1)

Country Link
JP (1) JP5475526B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6705979B2 (en) * 2016-06-09 2020-06-03 株式会社Pfu Device setting device, device setting method, and program

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000155730A (en) * 1998-11-20 2000-06-06 Toshiba Corp Network computer and log-in method therefor
JP2002037558A (en) * 2000-07-19 2002-02-06 Toshiba Elevator Co Ltd Maintenance and management system
JP2003063750A (en) * 2001-08-27 2003-03-05 Toshiba Elevator Co Ltd Security system for elevator maintenance tool, portable terminal loaded on maintenance tool and monitoring center device
JP2003295938A (en) * 2002-04-05 2003-10-17 Hitachi Building Systems Co Ltd Maintenance work supporting device
JP2006020877A (en) * 2004-07-08 2006-01-26 Fujitsu Frontech Ltd Bedside terminal device and bedside information system
JP4340600B2 (en) * 2004-08-05 2009-10-07 株式会社日立製作所 Work information management system, portable communication terminal, and work information management method
JP4564477B2 (en) * 2006-09-21 2010-10-20 株式会社東芝 Thin client, thin client system, and program
JP2008077600A (en) * 2006-09-25 2008-04-03 Toshiba Corp Thin client, thin client system and program
JP4789819B2 (en) * 2007-01-31 2011-10-12 株式会社日立製作所 Application and data management method, management system, thin client terminal used therefor, management server, and remote computer
JP4987555B2 (en) * 2007-04-27 2012-07-25 株式会社東芝 Information processing apparatus and information processing system
JP2009075922A (en) * 2007-09-21 2009-04-09 Casio Comput Co Ltd Server device, terminal device, leakage protection system for taken-out information, server processing program, and terminal processing program
JP4314311B2 (en) * 2007-12-27 2009-08-12 株式会社東芝 Information processing apparatus and information processing system

Also Published As

Publication number Publication date
JP2011216041A (en) 2011-10-27


Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20121107

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20131010

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20131029

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20131220

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20140121

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20140206

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

LAPS Cancellation because of no payment of annual fees